diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2001-08-06 21:42:00 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2001-08-06 21:42:00 +0000 |
| commit | a6c8a8d4d5c482163fc7c6784017cd8a802174f4 (patch) | |
| tree | 8686262cb08ae2136a446380ba1445add3977694 | |
| parent | 6818bfbf3084af380eea97ac91237a9a201d9504 (diff) | |
- markus@cvs.openbsd.org 2001/08/01 23:38:45
[scard.c ssh.c]
support finish rsa keys.
free public keys after login -> call finish -> close smartcard.
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | scard.c | 21 | ||||
| -rw-r--r-- | ssh.c | 12 |
3 files changed, 35 insertions, 4 deletions
| @@ -98,6 +98,10 @@ | |||
| 98 | [ssh-keygen.c] | 98 | [ssh-keygen.c] |
| 99 | allow uploading RSA keys for non-default AUT0 (sha1 over passphrase | 99 | allow uploading RSA keys for non-default AUT0 (sha1 over passphrase |
| 100 | like sectok). | 100 | like sectok). |
| 101 | - markus@cvs.openbsd.org 2001/08/01 23:38:45 | ||
| 102 | [scard.c ssh.c] | ||
| 103 | support finish rsa keys. | ||
| 104 | free public keys after login -> call finish -> close smartcard. | ||
| 101 | 105 | ||
| 102 | 20010803 | 106 | 20010803 |
| 103 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on | 107 | - (djm) Fix interrupted read in entropy gatherer. Spotted by markus@ on |
| @@ -6208,4 +6212,4 @@ | |||
| 6208 | - Wrote replacements for strlcpy and mkdtemp | 6212 | - Wrote replacements for strlcpy and mkdtemp |
| 6209 | - Released 1.0pre1 | 6213 | - Released 1.0pre1 |
| 6210 | 6214 | ||
| 6211 | $Id: ChangeLog,v 1.1451 2001/08/06 21:40:04 mouring Exp $ | 6215 | $Id: ChangeLog,v 1.1452 2001/08/06 21:42:00 mouring Exp $ |
| @@ -24,7 +24,7 @@ | |||
| 24 | 24 | ||
| 25 | #ifdef SMARTCARD | 25 | #ifdef SMARTCARD |
| 26 | #include "includes.h" | 26 | #include "includes.h" |
| 27 | RCSID("$OpenBSD: scard.c,v 1.11 2001/08/01 22:03:33 markus Exp $"); | 27 | RCSID("$OpenBSD: scard.c,v 1.12 2001/08/01 23:38:45 markus Exp $"); |
| 28 | 28 | ||
| 29 | #include <openssl/engine.h> | 29 | #include <openssl/engine.h> |
| 30 | #include <sectok.h> | 30 | #include <sectok.h> |
| @@ -262,6 +262,20 @@ err: | |||
| 262 | return (len >= 0 ? len : status); | 262 | return (len >= 0 ? len : status); |
| 263 | } | 263 | } |
| 264 | 264 | ||
| 265 | /* called on free */ | ||
| 266 | |||
| 267 | static int (*orig_finish)(RSA *rsa) = NULL; | ||
| 268 | |||
| 269 | static int | ||
| 270 | sc_finish(RSA *rsa) | ||
| 271 | { | ||
| 272 | if (orig_finish) | ||
| 273 | orig_finish(rsa); | ||
| 274 | sc_close(); | ||
| 275 | return 1; | ||
| 276 | } | ||
| 277 | |||
| 278 | |||
| 265 | /* engine for overloading private key operations */ | 279 | /* engine for overloading private key operations */ |
| 266 | 280 | ||
| 267 | static ENGINE *smart_engine = NULL; | 281 | static ENGINE *smart_engine = NULL; |
| @@ -291,13 +305,16 @@ sc_get_engine(void) | |||
| 291 | smart_rsa.rsa_priv_enc = sc_private_encrypt; | 305 | smart_rsa.rsa_priv_enc = sc_private_encrypt; |
| 292 | smart_rsa.rsa_priv_dec = sc_private_decrypt; | 306 | smart_rsa.rsa_priv_dec = sc_private_decrypt; |
| 293 | 307 | ||
| 308 | /* save original */ | ||
| 309 | orig_finish = def->finish; | ||
| 310 | smart_rsa.finish = sc_finish; | ||
| 311 | |||
| 294 | /* just use the OpenSSL version */ | 312 | /* just use the OpenSSL version */ |
| 295 | smart_rsa.rsa_pub_enc = def->rsa_pub_enc; | 313 | smart_rsa.rsa_pub_enc = def->rsa_pub_enc; |
| 296 | smart_rsa.rsa_pub_dec = def->rsa_pub_dec; | 314 | smart_rsa.rsa_pub_dec = def->rsa_pub_dec; |
| 297 | smart_rsa.rsa_mod_exp = def->rsa_mod_exp; | 315 | smart_rsa.rsa_mod_exp = def->rsa_mod_exp; |
| 298 | smart_rsa.bn_mod_exp = def->bn_mod_exp; | 316 | smart_rsa.bn_mod_exp = def->bn_mod_exp; |
| 299 | smart_rsa.init = def->init; | 317 | smart_rsa.init = def->init; |
| 300 | smart_rsa.finish = def->finish; | ||
| 301 | smart_rsa.flags = def->flags; | 318 | smart_rsa.flags = def->flags; |
| 302 | smart_rsa.app_data = def->app_data; | 319 | smart_rsa.app_data = def->app_data; |
| 303 | smart_rsa.rsa_sign = def->rsa_sign; | 320 | smart_rsa.rsa_sign = def->rsa_sign; |
| @@ -39,7 +39,7 @@ | |||
| 39 | */ | 39 | */ |
| 40 | 40 | ||
| 41 | #include "includes.h" | 41 | #include "includes.h" |
| 42 | RCSID("$OpenBSD: ssh.c,v 1.133 2001/08/01 22:03:33 markus Exp $"); | 42 | RCSID("$OpenBSD: ssh.c,v 1.134 2001/08/01 23:38:45 markus Exp $"); |
| 43 | 43 | ||
| 44 | #include <openssl/evp.h> | 44 | #include <openssl/evp.h> |
| 45 | #include <openssl/err.h> | 45 | #include <openssl/err.h> |
| @@ -756,6 +756,16 @@ again: | |||
| 756 | } | 756 | } |
| 757 | xfree(sensitive_data.keys); | 757 | xfree(sensitive_data.keys); |
| 758 | } | 758 | } |
| 759 | for (i = 0; i < options.num_identity_files; i++) { | ||
| 760 | if (options.identity_files[i]) { | ||
| 761 | xfree(options.identity_files[i]); | ||
| 762 | options.identity_files[i] = NULL; | ||
| 763 | } | ||
| 764 | if (options.identity_keys[i]) { | ||
| 765 | key_free(options.identity_keys[i]); | ||
| 766 | options.identity_keys[i] = NULL; | ||
| 767 | } | ||
| 768 | } | ||
| 759 | 769 | ||
| 760 | exit_status = compat20 ? ssh_session2() : ssh_session(); | 770 | exit_status = compat20 ? ssh_session2() : ssh_session(); |
| 761 | packet_close(); | 771 | packet_close(); |